Tag Archives: chief financial officer

The Big Credit Card Theft

Trying to make sense of the massive theft of credit card numbers at CardSystems, ‘a leading provider of end-to-end payment processing solutions focused exclusively on meeting the needs of small to mid-sized merchants’, in which information on more than 40 million credit cards may have been stolen.

CardSystems itself has issued only a brief statement on its website (no permalink available) saying it had identified

a potential security incident on Sunday, May 22nd. On Monday, May 23rd, CardSystems contacted the Federal Bureau of Investigation. Subsequently, the VISA and MasterCard Card Associations were notified to alert them of a possible security incident. CardSystems immediately began a remediation process to ensure all systems were secure. Additionally, CardSystems immediately engaged an independent 3rd party to validate systems security.

Notice the careful language: It talks only of ensuring all ‘systems were secure’ — in the security industry this is like checking all the locks work while watching all the horses bolting off down the street. (And don’t the FBI work on Sundays? Why wait a day to let them know?)

Then there’s the question: Why wait almost a month to let us know? A separate story by AP quotes CardSystems as saying that

it was told by the FBI not to release any information to the public. The company says it’s surprised by MasterCard’s decision to go public.

Actually, not so, say the FBI: Another AP story quotes an FBI spokeswoman, Deb McCarley, as denying

that the agency told CardSystems not to disclose the existence of the intrusion. McCarley says the FBI told CardSystems to follow its corporate policies without disclosing details that might compromise the ongoing investigation.

In fact, a MasterCard statement suggests that it was they, not CardSystems, who first identified the breach:

MasterCard International’s team of security experts identified that the breach occurred at Tucson-based CardSystems Solutions, Inc., a third-party processor of payment card data. Third party processors process transactions on behalf of financial institutions and merchants.

Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached. Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remediate the security vulnerabilities in the processor’s systems.

In the meantime CardSystems was pretending it was business as usual, including an announcement on June 14 of a move into check processing, and posting job-ads for a ‘Software Quality Assurance Analyst’ to cover, among other things, ‘troubleshooting from operations, production, and outside vendors’ who can work ‘in a very fast-paced, high-visibility organization where priorities often change’. Indeed.

Anyway, the scale of the thing is pretty awesome: Softpedia quotes experts as saying

that this is the worst case of data theft in IT history. “In sheer numbers, this is probably one of the largest data security breaches,” said James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, Calif.

And just how did the theft happen? Details are sketchy, probably because no one yet knows. (The MasterCard software that identified the fraud did so by monitoring transactions, not by detecting the actual breach. In other words, they observed the stolen goods being peddled, not the actual break-in.) According to another AP story, MasterCard has identified CardSystems as being ‘hit by a viruslike computer script that captured customer data for the purpose of fraud’, but hasn’t given any more details. CardSystems itself is not talking:

CardSystems’ chief financial officer, Michael A. Brady, refused to answer questions and referred calls to the company’s chief executive, John M. Perry, and its senior vice president of marketing, Bill N. Reeves. A message left for Perry and Reeves at the company’s Atlanta offices was not returned.

Both Perry and Brady have been with CardSystems a little over a year.

Say Goodbye To The USB Flash Drive?

I had an interesting conversation the other day with Trek 2000’s chief financial officer, Gurcharan Singh. Trek, a Singapore company, claim to be the originators of the USB drive, or thumb drive as they call it, and are currently suing a company called M-Systems in a test case over who owns the patent for putting flash memory on a USB plug.

That’s all going through the courts, and has been for some time, but clearly Trek 2000 are playing a central role in the whole flash-drive-on-a-stick thing, since besides selling their own products, they are the OEM manufacturers of several dozen such USB drives, including folk like iomega. But what intrigued me, among several things, was a gadget he had in his display case that he hinted was the future of USB drives. I had asked him about concerns over the durability and reliability of flash memory (my own experience making me less than sanguine) and while he was careful not to play up such concerns, he pointed to a device that was barely larger than a USB drive, but which contained a 0.85 inch 10 gigabyte hard drive, manufactured by one of Trek 2000’s main strategic partners, Toshiba. “This will address the issues of flash that you’re talking about,” he said. At the moment flash drives get no larger than 2 gigabytes.

Toshiba has promised to launch the 0.85” drive early this year, according to The Register, who point out that these drives are about 80% smaller than the hard drives you’ll find in an iPod or similar device. If Gurcharan is correct it sounds like these hard drives will have a larger capacity than earlier expected and they’re likely to be as popular, if not more so, than the USB flash drive.

So will this cause a splash? Yes, I think, because they’re so small. They’ll wow us and make us do a lot more with our USB stick. Not that there aren’t options beyond flash out there already. Of a similar ilk, but using the older, larger drives, take a look at Sony’s new 2.0 GB Micro Vault Pro, which I saw in Singapore’s malls for about S$450 ($275, see illustration) or Z-Cyber’s 1 or 2 GB Zling Drives, which I’m guessing use the same hard drives, but seem to sell for a lot less: I saw the 2 GB version selling for S$200, and the 1 GB for S$129. Then there’s the Emprex range of Micro Storage, from 2.2 to 4.0 GB, selling for S$190 and S$275 respectively. All of these are basically small hard drives on a USB dongle. They’re nice, but they’re not nearly as small as what Trek 2000 are likely to unveil some time this year.  

(If you’re looking for larger storage you’ll have to go to iomega’s Mini Hard Drives, which come in 20GB and 40GB capacities.)

What I think we’re going to see are these microdrives really pushing out flash as folk come to rely on them more and more. It’s yet to be proven that these very small hard drives are as rugged as they claim to be, but I think we’re safe in saying that flash, while excellent, is not reliable enough to be anything other than a short-term means of storage. What’s more, with bigger capacities, micro drives are going to be able to do things, and go places, that flash drives just can’t do: Storing whole feature-length movies, an evening full of musical entertainment on a key-ring, a cellphone that doubles as your hard drive. There’ll be a role to play for USB flash but we may soon be looking back nostalgically at these devices as charmingly limited in what they could do for us.